Index
Symbols
# (number sign) 11-4
* (wildcard) 3-7, 5-5, 11-3
Numerics
1-Gbps and 2-Gbps bandwidth options
displaying software license key 12-2
displaying software version 12-2
understanding 1-6
upgrading to 2 Gbps 13-16
2-Gbps operation upgrade
activating additional data port 13-18
regenerating SSL certificates 13-18
A
AAA
accounting 4-12
authentication 4-5
authorization 4-10
configuring 4-3
aaa accounting command 4-12
aaa authentication command 4-5
aaa authorization command 4-10
accounting, configuring 4-12
action command 7-18
action flow 11-6
add-service command 7-9
admin privilege level 3-2, 4-6
always-accept 7-19
always-ignore 7-20
anomaly
detected 11-2
flow 11-3
anomaly detection engine memory usage 12-23, 12-25
AP
booting to 2-12
clearing configuration 13-19
clearing passwords 13-19, 13-22
upgrading 13-10
upgrading, inline 13-13
application partition
See AP
attack report
copying 11-7
detected anomalies 11-2
exporting 11-6, 11-7, 13-6
exporting automatically 11-6
layout 11-1
notify 11-4
statistics 11-2
timing 11-1
viewing 11-4
attack types 11-5
authentication, configuring 4-5
authorization
configuring 4-8, 4-9
disabling zone command completion 4-12, 5-6
auth packet types 7-11
automatic detect mode 1-5
automatic protection mode 9-3
automatic protect mode 9-3, 10-1
B
bandwidth options
displaying software license key 12-2
displaying software version 12-2
understanding 1-6
upgrading to 2 Gbps 13-16
banner, configuring login 4-30
Berkeley Packet filter 6-7
boot command 2-11
burn flash 13-15
bypass filter
command 6-10
configuring 6-10
definition 1-5, 6-1
deleting 6-12
displaying 6-11
C
capture, packets 12-13
caution, symbol overview 1-xvii
CFE 13-11, 13-14, 13-15
clear ap config command 13-19
clear ap password command 13-19, 13-22
clear counters command 3-9, 12-5
clear log command 12-10
CLI
changing prompt 4-25
command shortcuts 3-7
error messages 3-5
getting help 3-6
issuing commands 3-4
TAB completion 3-6
using 3-1
command completion 4-12
command line interface
See CLI 3-1
commands, deactivating 3-5
command shortcuts 3-7
config privilege level 3-2, 4-6
configuration, supervisor engine
saving 2-1
configuration file
copying 13-3
exporting 13-3
importing 13-4
viewing 12-3
configuration mode
accessing 4-11
described 3-2
configure command 2-9, 3-7
constructing policies 8-4
copy commands
ftp running-config 13-4
log 12-7, 12-9
packet-dump 12-15
reports 11-7
running-config 5-14, 13-3
zone log 12-9
copy-from-this 5-5
copy guard-running-config command 5-14, 5-16
copy login-banner command 4-31
copy-policies command 8-16
copy wbm-logo command 4-32
counters
clearing 3-9, 12-5
history 12-5
counters, viewing 12-5
cpu utilization 12-24
D
DDoS
nonspoofed attacks 1-3
overview 1-2
spoofed attacks 1-3
zombies 1-3
deactivate command 9-5
deactivating commands 3-5
default configuration, returning to 13-19
default-gateway command 3-10
description command 5-6
detect
automatic mode 1-5
interactive mode 1-5, 9-3
detect command 9-4
detected
anomalies 11-2
flow 11-6
detected attack 11-5
DETECTOR_DEFAULT 5-2
DETECTOR_WORM 5-2
diff command 8-13, 8-14
disable command 7-6
disabling, automatic export 13-7
DNS
detected anomalies 11-2
TCP policy templates 7-2
tcp protocol flow 11-5
dst-ip-by-ip activation form 9-4, 9-7
dst-ip-by-name activation form 9-3
dst traffic characteristics 7-11
dynamic filter
1000 and more 6-13
command 6-15, 6-16, 9-9
definition 1-5
deleting 6-15
displaying 6-13
displaying events 12-8
overview 6-2, 6-12
preventing production of 6-16
sorting 6-13
worm 7-22
dynamic filters 10-1
dynamic privilege level 3-2, 4-6
E
enable
command 4-10, 7-6
password command 4-9
enabling services 4-2
entire-zone activation form 9-3
event log
activating 12-7
deactivating 12-7
event monitor command 12-7
export, disabling automatic 13-7
export command 13-6
packet-dump 12-15
reports 11-7
exporting
configuration file 13-3
log file 12-9
reports automatically 11-6
exporting GUARD configuration 5-14, 5-16
export sync-config command 5-16
extracting signatures 12-19
F
facility 12-8
file server
configuring 13-2
displaying sync-config 13-8
file-server
command 5-16, 13-2
configuring 13-2
deleting 13-3
displaying 13-3, 13-8
displaying sync-config 5-16, 13-7
filters
bypass 1-5, 6-10
dynamic 1-5, 6-2, 6-12
flex-content 1-5, 6-2
fixed-threshold 7-15
flash-burn command 13-16
flex-content filter
configuring 6-3
definition 1-5, 6-1
displaying 6-9
filtering criteria 6-2
renumbering 6-3
fragments 11-5
detected anomalies 11-2
policy template 7-2
G
generating signatures 12-19
global mode 3-2
global traffic characteristics 7-11
Guard
configuration mode 3-3
exporting configuration 13-6
GUARD_DEFAULT 5-3
GUARD_LINK 5-3
GUARD_TCP_NO_PROXY 5-3
GUARD_ zone policy template 7-3
guard-conf command 5-10
GUARD configuration, exporting 5-14, 5-16
GUARD configuration, importing 5-14
Guard-protection activation methods 9-3
H
histogram command 7-21
host, logging 12-8
host keys
deleting 4-19
host keys, deleting 4-20
hostname
changing 4-25
command 4-25
HTTP
detected anomalies 11-2
policy template 7-2
hw-module command 13-10, 13-11, 13-12, 13-14, 13-18, 13-21
hw-module commands 2-11
hybrid 11-5
I
idle session, configuring timeout 4-33
idle session, displaying timeout 4-33
importing GUARD configuration 5-14
inline upgrade 13-13
in packet types 7-11
installation, verifying 2-2
interactive
operation mode 10-3
policy status 7-20
interactive detect mode 1-5, 9-3
interactive protect mode 10-1
interactive-status command 7-19
interface
activating 3-8, 3-9
clearing counters 3-9
command 3-8
configuration mode 3-3
configuring IP address 3-8
IP address
modifying, zone 5-8
ip address command
deleting 5-8
excluding 5-7
interface 3-8
zone 5-7
ip route command 3-10
IP scan 11-5
detected anomalies 11-2
policy template 7-2
IP threshold configuration 7-17
K
key, generating for license 13-17
key command
add 4-21, 4-23
generate 4-21, 4-24
remove 4-24
key publish command 4-21, 4-22
L
learning
command 8-5, 8-7
constructing policies 8-4
overview 8-1
policy-construction command 8-4
synchronizing results 8-3
terminating process 8-5, 8-7
threshold-tuning command 8-6
tuning thresholds 8-6
learning accept command 8-5, 8-6
learning parameters, displaying 8-8
learning-params
deactivating periodic action 8-7
deactivating periodic-action command 8-5
periodic-action command 5-12, 8-5, 8-7, 8-8
threshold-multiplier command 7-15
threshold-selection command 8-6, 8-9
threshold-tuned command 5-8, 8-10
learning-params command 5-11, 5-16
learning-params fixed-threshold command 7-15
licenses
generating key 13-17
ordering XG upgrade license 13-17
LINK templates 8-4
log file
clearing 12-10
exporting 12-7, 12-9
viewing 12-9
logging, viewing configuration 12-9
logging command 12-8
login banner
configuring 4-30
deleting 4-31
importing 4-31
login-banner command 4-30
logo
adding WBM 4-32
deleting WBM 4-33
M
maintenance partition
See MP
management
MDM 3-13
overview 3-11
port 2-2
SSH 3-13
VLAN 2-2
WBM 3-11
max-services command 7-5
MDM, activating 3-13
memory consumption 12-23
memory usage, anomaly detection engine 12-23, 12-25
min-threshold command 7-6
monitoring, network traffic 12-15
MP
booting to 2-11
upgrading 13-12
upgrading, inline 13-13
mtu command 3-9
N
netstat command 12-26
network server
configuring 13-2
deleting 13-3
displaying 13-3, 13-8
displaying sync-config 5-16, 13-7, 13-8
network server, configuring 13-2
no learning command 8-5, 8-7
non_estb_conns packet type 7-11
nonspoofed attacks 1-3
no proxy policy templates 7-4
note, symbol overview 1-xvii
notify 11-4
notify policy action 7-19
ns policy templates 7-4
O
other protocols
detected anomalies 11-2
policy template 7-3
out_pkts packet types 7-11
P
packet-dump
auto-capture command 12-13
automatic
activating 12-12
deactivating 12-13
displaying settings 12-13
exporting 12-15, 13-6
signatures 12-20
packet-dump command 12-13
packets, capturing 12-13
password
changing 4-7
enabling 4-9
encrypted 4-6
recovering 13-19, 13-22
pending 10-1
pending dynamic filters 10-1, 10-2
displaying 10-3, 10-5
periodic action
accepting policies automatically 8-5, 8-7
deactivating 8-5, 8-7
permit
command 3-11, 3-13, 4-3
permit ssh command 4-20
ping command 12-30
pkts packet type 7-11
policy
action 7-12, 7-18, 7-19
activating 7-13
adding services 7-9
backing up current 7-25, 8-17
command 7-12
configuration mode 3-3
constructing 1-4, 8-2, 8-4
copying parameters 8-16
copy-policies 8-16
deleting services 7-9
disabling 7-13
inactivating 7-13
learning-params, fixed-threshold command 7-15
marking as tuned 5-8, 8-10
marking threshold as fixed 7-15
multiplying thresholds 7-16
navigating path 7-12
packet types 7-10
show statistics 7-24
state 7-13
threshold 7-12, 7-14
threshold-list command 7-17
timeout 7-12, 7-18
traffic characteristics 7-11
tuning thresholds 1-4, 8-2, 8-6
using wildcards 7-12, 7-23, 7-24
viewing statistics 8-8
policy set-timeout command 7-18
policy template
command 7-4, 7-6
configuration command level 7-4
configuration mode 3-3
displaying list 7-4
Guard policy templates for synchronization 7-3
max-services 7-5
min-threshold 7-6
overview 7-2
parameters 7-4
state 7-6
worm_tcp 7-4
policy-template add-service command 7-9
policy-template remove service command 7-9
policy-type activation form 9-4
port scan 11-5
detected anomalies 11-2
policy template 7-3
power enable command 2-11
privilege levels 3-2
assigning passwords 4-9
moving between 4-10
protect
activation methods 9-3
automatic mode 9-3, 10-1
deactivating 9-5
interactive mode 10-1
protect command 9-5
protection-end-timer 9-7, 9-8
protect-ip-state command 9-3
protect learning command 8-6
protocol traffic characteristics 7-11
proxy policy templates, no proxy policy templates 7-4
public key, displaying 4-24
R
rates
history 12-4
viewing 12-4
reactivate-zones 13-8
rebooting parameters 13-8
recommendations 10-1
accepting 10-7
activating 10-3, 10-6
change decision 7-19
command 10-6
deactivating 10-3, 10-8
dynamic filters 10-1
ignoring 10-7
overview 10-1
viewing 10-4
viewing pending-filters 10-3, 10-5
reload command 13-8
remote-activate policy action 7-19
remote Guard
activating 6-14
terminating protection 9-7, 9-8
remote-guard command 9-7, 9-8
remote Guard list
displaying 9-7, 9-8
remote Guards
activating 9-5
default list 9-7
list 9-8
list activation order 9-8
remove service command 7-9
renumbering flex-content filters 6-3
report
See attack report 11-1
reports
details 11-4
exporting 13-6
reqs packet type 7-11
reset command 2-11
router configuration mode 3-3
routing table
manipulation 3-10
viewing 3-11
running-config
copy 5-14, 13-3
show 12-3
S
scanners traffic characteristics 7-12
service
adding 7-9
command 3-11, 3-13, 4-2
copy 8-16
deleting 7-9
MDM 3-13
permissions 4-3
snmp-trap 4-26
WBM 3-11
services, enabling 4-2
session, configuring timeout 4-33
session, displaying idle timeout 4-33
session timeout, disabling 4-33
session-timeout command 4-33
set-action 7-19
show commands
counters 12-5
cpu 12-24
diagnostic-info 12-22
dynamic-filters 6-13
file-servers 13-3, 13-8
flex-content-filter 6-9
host-keys 4-20, 4-23
learning parameters 8-8
learning-params 7-15
log 12-9
log export-ip 12-9
logging 12-9
login-banner 4-30
memory 12-23
module 2-2, 13-11, 13-12
packet-dump 12-13
packet-dump signatures 12-20
policies 7-23
policies statistics 7-24, 8-8
public-key 4-23, 4-24
rates 12-4
recommendations 10-4
recommendations pending-filters 10-3, 10-5
remote-guards 9-7, 9-8
reports details 11-4
running-config 12-3
show 12-4
sorting dynamic-filters 6-13
sync-config 5-16
sync-config file-servers 5-16, 13-7, 13-8
templates 5-5
zone policies 7-23
show privilege level 3-2, 4-6
show public-key command 4-25
shutdown command 3-9
signature
generating 12-19
snapshot
backing up policies 7-25, 8-17
command 8-12
comparing 8-13
deleting 8-15
displaying 8-15
overview 8-12
saving 8-12, 8-13
saving periodically 8-8
SNMP
configuring trap generator 4-26
traps description 4-27
snmp commands
community 4-29
trap-dest 4-26
software license key, displaying key information 12-2
software version number, displaying 12-2
SPAN, configuring 2-7
specific IP threshold 7-17
spoofed attacks 1-3
src traffic characteristics 7-12
SSH
configuring 3-13
deleting keys 4-24
generating key 4-21, 4-24
host key 4-22
service 3-13
viewing public key 4-23
ssh key, publishing 4-22
state command 7-13
static route, adding 3-10
supervisor engine
booting 2-11
configuring 2-1
powering off 2-11
resetting 2-11
saving configuration 2-1
shutting down 2-11
verifying configuration 2-12
syn_by_fin packet type 7-11
sync command 5-12, 5-13
synchronization
exporting configuration 13-6
syns packet type 7-11
syslog
configuring export parameters 12-8
configuring server 12-8
message format 12-8
system log, message format 12-8
T
TACACS+
authentication
key generate command 4-18
key publish command 4-21
clearing statistics 4-16
configuring server 4-13
server connection timeout 4-15
server encryption key 4-15
server IP address 4-14
viewing statistics 4-16
tacacs-server commands
clear statistics 4-16
first-hit 4-13
host 4-13, 4-14
key 4-13, 4-15
show statistics 4-16
timeout 4-13, 4-16
TCP
detected anomalies 11-2, 11-5
no proxy policy templates 7-4
policy templates 7-3
templates
LINK 8-4
viewing policies 5-5
zone 5-2
thresh-mult 7-16
threshold
command 7-14
configuring IP threshold 7-17
configuring list 7-17
configuring specific IP 7-17
marking as tuned 5-8, 8-10
multiplying before accepting 7-15
selection 8-12
setting as fixed 7-15
tuning 1-4, 8-2
worm 7-20
threshold-list command 7-17
threshold selection 8-6
threshold tuning
save results periodically 8-8
timeout command 7-18
timeout session, configuring 4-33
timeout session, disabling 4-33
timesaver, symbol overview 1-xvii
tip, symbol overview 1-xvii
traceroute command 12-29
traffic, monitoring 12-15
traffic sources
capturing 2-3
configuring 2-3
SPAN 2-3
VACL 2-3
trap 12-8
trap-dest 4-26
tuning policy thresholds 8-6
U
UDP
detected anomalies 11-3
policy templates 7-3
unauth_pkts packet type 7-11
unauthenticated TCP detected anomalies 11-3
upgrade command 13-19
upgrade license 13-17
upgrading
AP 13-10
inline 13-13
MP 13-12
user-detected anomalies 11-3
user filter
command 6-3
username
encrypted password 4-6
username command 4-6
users
adding 4-6
adding new 4-6
assigning privilege levels 4-6
deleting 4-8
privilege levels 3-2, 4-9
system users
admin 2-9
riverhead 2-9
username command 4-6
V
VACL, configuring 2-4
version, upgrading 13-19
W
WBM
activating 3-11
WBM logo
adding 4-32
deleting 4-33
worm
dynamic filter 7-22
identifying attack 7-22
overview 7-20
policy 7-11, 7-12
policy templates 7-3, 7-21
thresholds 7-20, 7-21
worm_tcp policy template 7-4
X
XG software image
license key 13-17
obtaining software image 13-17
XG software version, 2-Gbps operation 13-16
XML schema 11-6 to 11-8, 12-15, 13-7
Z
zombies 1-3
zone
anomaly detection 9-1
clearing counters 12-6
command 5-4, 5-5, 10-3
command completion 4-12, 5-6
comparing 8-14
configuration mode 3-3, 5-6
copying 5-5
creating 5-4
defining IP address 5-7
deleting 5-5
deleting IP address 5-8
duplicating 5-5
excluding IP address 5-7
exporting configuration 5-16
IP address 5-7
learning 8-1
LINK templates 8-4
modifying IP address 5-8
operation mode 5-5
reconfiguring 5-6
synchronize configuration 5-8
synchronizing automatically 5-11
synchronizing offline 5-14
templates 5-2
viewing configuration 5-7
viewing policies 7-23
viewing status 12-4
zone policy
marking as tuned 5-8, 8-10
zone synchronization 8-3